[strongSwan] Certificates in cacerts directory
Daniel Mentz
danielml+mailinglists.strongswan at sent.com
Fri Mar 5 16:58:50 CET 2010
ABULIUS, MUGUR (MUGUR) wrote:
>> If rightca is specified then we only request certificates issued by rightca.
>> Otherwise we send certificate requests for all CAs contained in /etc/ipsec.d/cacerts/
>
> If "rightca=" is specified, then it is required that a certificate matching the specified
> DN to be present locally in "/etc/ipsec.d/cacerts/" ?
I guess yes. I mean strongSwan has to read the certificate from somewhere.
You could also create a ca section as described at
http://wiki.strongswan.org/projects/strongswan/wiki/CaSection
if you want to store the certificate in a non-default location.
-Daniel
More information about the Users
mailing list